Sobi Forms is a lightweight contact form plugin built for speed and simplicity. Create multiple forms, embed them anywhere with a shortcode or Gutenberg block, and keep your front-end lean.
Learn more on the official site: sobiforms.com — features, FAQ, and the public roadmap.
Performance-first front-end
- Vanilla JavaScript on the front-end
- ~3.7 KB CSS + JS combined (gzipped transfer; ~13.3 KB unminified source on form pages)
- Assets enqueue only when a form is rendered on the page – zero impact on other pages
- Script loaded in the footer with the defer strategy (WordPress 6.3+)
- No global front-end CSS frameworks
Form builder (admin only)
- Redesigned editor for more comfort — form canvas on the left, settings sidebar on the right; save without a full page reload
- Lucide icons in the admin builder and submissions inbox (modern, consistent UI)
- Document-first drag-and-drop editor (React via WordPress wp-element, loaded only on the form edit screen)
- Field types: text, email, link (URL), textarea, phone, number, select, multiple choice (radio tiles), multi-option checkbox, file upload; layout blocks: title (section heading), paragraph (instructions)
- URL prefill: optional per-field URL parameter to pre-populate scalar fields from query strings (client-side; cache-friendly)
- Hidden fields: compact sidebar table to pass invisible data (URL params and/or static defaults); invisible on the front; always submitted; visible in inbox
- File upload: one file per field; admin picks allowed types by category (Application, Image, Text) or individual extensions; private storage under uploads/sobiforms/; download from the Submissions inbox (admin only). Save to database is required when a form includes a file field
- Field settings: number min/max; text min/max characters; show/hide label; textarea resize and max length; file max size (default 5 MB, capped by server)
- Radio and multi-checkbox options edited inline in the builder (add option, remove on hover); dropdown options in the field menu
- Multiple recipient emails per form
- After submit: inline success message or redirect to a published page
- Availability: pause a form, auto-close at a date/time, or after a set number of submissions, with a visitor message when closed
Embedding
- Shortcode: [sobiforms id="3"] or [sobiforms slug="contact"] (ID or slug required; slug is fixed after creation)
- Gutenberg block: Sobi Forms Contact with form picker
- Works with any page builder that supports shortcodes or blocks
Submissions
- Email notifications via wp_mail() (HTML)
- Optional visitor confirmation email — simple thank-you receipt to the submitter (per form, Notifications sidebar)
- Per-form delivery — email notifications and/or database storage (new forms default to inbox storage)
- Inbox with read/unread, starred, spam queue, admin notes, search and filters; split list + detail layout with resizable columns; All / Unread / Starred view tabs and per-form filter in the list header
- Submission source page — frozen page title and pathname at submit time in the detail sidebar (no query string; use hidden fields for UTM/campaign params)
- Dashboard widget on the WordPress admin home — recent unread submissions at a glance
- Optional Akismet spam filtering (when the Akismet plugin is active)
- Honeypot, nonce verification, rate limiting (5 submissions/hour per hashed IP)
Security
- Nonce on every submission
- Honeypot field
- Server-side field validation against a strict JSON schema
- Capability checks and nonces on all admin actions
- Optional Akismet integration — spam submissions quarantined when the Akismet plugin is active
- File uploads — server-side MIME validation; upload directory hardened on Apache (direct HTTP access denied); admin-only download with path verification
Privacy Policy
Sobi Forms processes data submitted through your forms. Per form you choose how submissions are delivered:
- Email notifications – when enabled and recipient addresses are set, field values are sent via wp_mail().
- Visitor confirmation – when Visitor email confirmation is enabled, the submitter may receive a simple thank-you at the address from the selected email field (no submitted field values in that email).
- Database storage – when Save to database is enabled (default for new forms in the builder), submissions are saved in custom tables on your site (wp_sobiforms_submissions, wp_sobiforms_forms). Each form has its own retention setting (auto-delete after N days). You can use inbox-only delivery with no email.
- Hashed IP – when storage is enabled, a one-way SHA-256 hash of the visitor IP is stored with each submission for abuse prevention. Raw IP addresses are not stored.
- Rate limiting – a transient keyed by hashed IP limits submissions to 5 per hour. Transients expire automatically.
- Admin notes – internal notes on submissions are stored in your database and never shown on the front-end or included in emails.
- No tracking – Sobi Forms does not connect to third-party analytics or advertising when processing form submissions.
- Optional Akismet – if you enable Akismet spam filtering and the Akismet plugin is active, submission content may be sent to Akismet’s service for spam checks.
- No data sent to the plugin author – form submissions stay on your server and mail server. The Feedback settings tab links to the WordPress.org support forum and sobiforms.com/roadmap only if you choose to open them.
Site owners are responsible for their privacy policy and lawful basis for collecting visitor data.
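One way to implement the hashed-IP rate limit described above (5 submissions per hour, stored in a transient), as an added example that is not Sobi Forms' own code. It runs inside WordPress; the sobi_example_* names are hypothetical, and keying the hash with wp_salt() (HMAC-SHA-256 rather than the plain SHA-256 the page describes) is an assumption of this example.

```php
<?php
// Added example, not Sobi Forms code. Runs inside WordPress (Transients API).
// Every sobi_example_* name is hypothetical.

const SOBI_EXAMPLE_LIMIT  = 5;    // submissions per window, as stated on the page
const SOBI_EXAMPLE_WINDOW = 3600; // one hour, in seconds

// Assumption: a keyed HMAC-SHA-256 using the site salt, so the stored value
// cannot be matched against a precomputed table of IPv4 hashes without the key.
function sobi_example_ip_hash( string $ip ): string {
    return hash_hmac( 'sha256', $ip, wp_salt( 'nonce' ) );
}

// Returns true and records the submission, or false once the limit is reached.
// get/set on a transient is not atomic: concurrent requests can slightly exceed the limit.
function sobi_example_rate_limit_allow( string $ip, ?int $now = null ): bool {
    $now = $now ?? time();
    $key = 'sobi_ex_rl_' . substr( sobi_example_ip_hash( $ip ), 0, 40 );
    $hit = get_transient( $key );

    // No window yet, or a stale entry that has not been evicted: start a new window.
    if ( ! is_array( $hit ) || $now - $hit['start'] >= SOBI_EXAMPLE_WINDOW ) {
        $hit = array( 'start' => $now, 'count' => 0 );
    }
    if ( $hit['count'] >= SOBI_EXAMPLE_LIMIT ) {
        return false;
    }
    $hit['count']++;

    // Save with the remaining TTL. Passing a full hour here would push the
    // expiry forward on every submission and stretch the window.
    $ttl = SOBI_EXAMPLE_WINDOW - ( $now - $hit['start'] );
    set_transient( $key, $hit, $ttl );
    return true;
}

// Call at the top of the submission handler, after the nonce check.
function sobi_example_guard_submission(): void {
    $ip = isset( $_SERVER['REMOTE_ADDR'] ) ? (string) $_SERVER['REMOTE_ADDR'] : '';
    if ( ! filter_var( $ip, FILTER_VALIDATE_IP ) || ! sobi_example_rate_limit_allow( $ip ) ) {
        wp_send_json_error( array( 'message' => 'Too many submissions, try again later.' ), 429 );
    }
}
```

Behind a reverse proxy or CDN, REMOTE_ADDR is the proxy's address, so the client IP has to be resolved from a header set by a trusted proxy before hashing.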
Licenses for Third-Party Resources
This plugin bundles resources covered by their own respective licenses:
* Lucide Icons – https://lucide.dev
License: ISC (https://lucide.dev/license)
Copyright (c) Lucide Contributors